Controller and method for setting up communication links to redundantly operated controllers in an industrial automation system

ABSTRACT

A method for setting up communication links to redundantly operated controllers in an industrial automation system, in which a first controller is in an active operating state for controlling or regulating a technical process, and a second controller is in a reserve operating state, from which it is placeable into an active operating state in the event the first controller fails, where the first/second controllers respectively store a device identifier associated with the first/second controllers, information about associations between device names and communication network addresses of the first/second controllers is provided in accordance with a name service protocol within at least one subnetwork associated with the first/second controllers, and where retrieval of a piece of address or name information for one of the two controllers involves automatically providing the piece of address or name information to setup a communication link to the other controller based on the respective device identifier.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to control and, more particularly, to a controllerand method for setting up communication links to redundantly operatedcontrollers in an industrial automation system.

2. Description of the Related Art

An industrial automation system usually comprises a multiplicity ofautomation devices networked to one another via an industrialcommunication network, and is used within the context of production orprocess automation for controlling or regulating installations, machinesand/or devices. Time-critical constraints in technical systems automatedvia industrial automation systems mean that realtime communicationprotocols, such as PROFINET, PROFIBUS or Real Time Ethernet, arepredominantly used in industrial communication networks forcommunication between automation devices.

Interruptions in communication links between computer units in anindustrial automation system or automation devices can lead toundesirable or unnecessary repetition of a transmission of a servicerequest. This repeated transmission causes an additional workload forcommunication links in the industrial automation system, which can leadto further system disturbances or faults. A particular problem inindustrial automation systems regularly results from signaling trafficwith a relatively large number of, albeit relatively short, messages,which intensifies the above problems.

On account of their use for often extremely different applications,Ethernet-based communication networks can encounter problems whennetwork resources for transmitting short data frames with realtimerequirements are concurrently demanded for transmitting data frames witha large user data content, for example. This can lead to delayedtransmission of the data frames with realtime requirements or even to aloss of individual data frames of this kind.

WO 2007/144364 A1 describes a method for networking an automatedinstallation that comprises at least one cell having a subnetwork. Thesubnetwork is linked to a further subnetwork of the automatedinstallation via a router. The automated installation is networked byproviding a multicast group that extends over both subnetworks. Themulticast group is used to detect a communication network address for acommunication network interface of an assembly. Here, the assembly hasjoined the multicast group beforehand via the communication networkaddress, and the communication network interface has been connected tothe subnetwork beforehand. The communication network address is used toassign a name to the communication network interface of the assembly. Ina further step, a further communication network address for thecommunication network interface of the assembly is ascertained, whichhas at least part of a numerical representation of the name.

European patent application 14200562.8 discloses a method forascertaining communication device addresses within a communicationnetwork in an industrial automation system. Selected communicationdevices of the industrial automation system each have an associatedmemory unit that each temporarily store at least some name serviceinformation that is provided by a communication network name service.Connection setup from a first selected communication device to a secondcommunication device is commenced from an application or function of theindustrial automation system, which application or function isdistributed over at least the first and second communication devices,using the name service information that is stored in the memory unitassociated with the first communication device. In the event of a failedconnection setup attempt, the application or function initiates an atleast partial update of the temporarily stored name service information.

A method for configuring a communication device in an industrialautomation system is described in co-pending U.S. application Ser. No.15/044,906 filed Feb. 16, 2016, the contents of which are incorporatedherein by reference in its entirety. In this case, a communicationnetwork address associated with the communication device is generatedindependently from at least one prefix transmitted via routernotification messages by at least one router allocated within asubnetwork and from a device-individual interface identifier. Thecommunication device asks at least one server in a name service system,in accordance with a name resolution protocol, which communicationnetwork addresses are associated with its communication device name. Thecommunication network addresses requested from the server in the nameservice system are checked for a match with the prefix. However, thecommunication device allocates itself only those communication networkaddresses requested from the server in the name service system that havea match with the prefix transmitted by the router.

In the case of high-availability control systems, two programmable logiccontrollers are logically coupled to one another such that they executeidentical user programs essentially in sync. Here, one programmablelogic controller, which is in an active operating state for controllingor regulating a technical process, usually has, as the main controller,a leading role, while the other programmable logic controller, as areserve controller, executes user programs with a prescribed time delay.If one of the two programmable logic controllers in a high-availabilitycontrol system fails, the remaining programmable logic controllercontinues to execute the user programs.

In principle, a high-availability control system is more likely in avirtual form, specifically as a result of the interaction of the twoprogrammable logic controllers that the high-availability control systemcomprises. Here, the high-availability control system, in contrast tothe two programmable logic controllers, has no associated device name.If, by way of example, an operator control and monitoring device isintended to access a high-availability control system, then this deviceusually requires setup of a respective transport connection to each ofthe two programmable logic controllers. Ideally, this should not requireexplicit identification of the two transport connections. Instead, itmakes sense to set up a connection to a high-availability control systemon a logical level.

In order to set up a connection to a high-availability control system,the transport connections to the two programmable logic controllerscould be planned individually, in principle. This is relativelyinconvenient and also susceptible to error, however. Another way ofsetting up a connection to a high-availability control system would beto use an additional itinerant communication network address that alwaysrefers to the current main controller. One problem with such a solutionis that address changes should also be promptly updated in a Domain NameSystem. Usually, corresponding changes in a Domain Name System areimplemented only with delays of a few minutes. A setup of acommunication to a high-availability control system could, in accordancewith a further alternative, also be initiated by using an additionalitinerant device name that always refers to the current main controller.However, in this case, one problem is that changes in a Domain NameSystem are also implemented only with delays of several minutes.

SUMMARY OF THE INVENTION

In view of the foregoing, it is an object of the present invention toprovide a controller and a reliable and easy-to-implement method forsetting up communication links to redundantly operated controllers in ahigh-availability control system.

This and other objects and advantages are achieved in accordance withthe invention by providing a method for setting up communication linksto redundantly operated controllers in an industrial automation system,in which a first controller is in an active operating state forcontrolling or regulating a technical process. By contrast, a secondcontroller is in a reserve operating state, from which it can be placedinto an active operating state in the event of failure of the firstcontroller. The first controller stores a device identifier associatedwith the second controller. Correspondingly, the second controllerstores a device identifier associated with the first controller. Thedevice identifiers are preferably symbolic device names. A controller ina reserve operating state preferably simulates the control or regulationof the technical process that is controlled or regulated by thecontroller in the active operating state. Here, a simulation can beeffected with a prescribed time delay in relation to control orregulation of a technical process.

In accordance with the invention, information about associations betweendevice names and communication network addresses of the first and secondcontrollers is provided in accordance with a name service protocol atleast within a subnetwork associated with the first or secondcontroller. Retrieval of a piece of address or name information for oneof the two controllers comprises automatically providing a piece ofaddress or name information for setup of a communication link to theother controller based on the respective device identifier. Inparticular, a device identifier can be used to ascertain a communicationnetwork address for setup of a communication link, which is set up inaccordance with Transmission Control Protocol, to a controller.Preferably, the respective device identifier is used to set up acommunication link to the controller that is in the active operatingstate. This means that the user requires no knowledge of whichcontroller in a high-availability control system is in an activeoperating state. Device names and addresses of both controllers can beautomatically captured in a Domain Name System. As a result, developmentefforts and sources of error are reduced.

In accordance with a preferred embodiment of the method in accordancewith the invention, the communication network addresses of the first andsecond controllers are IPv6 addresses. Accordingly, the first and secondcontrollers each generate their IPv6 addresses independently. This meansthat there is also no need to plan the communication network addresses,as a result of which it is possible for development and startup effortsto be further reduced.

The information about associations between device names andcommunication network addresses of the first and second controllers canbe provided in accordance with Discovery and Basic ConfigurationProtocol (DCP), for example, which is standardized in the context ofPROFINET. Advantageously, the device identifier stored in the firstcontroller, which device identifier is associated with the secondcontroller, and the device identifier stored in the second controller,which device identifier is associated with the first controller, areeach stored in DCP variables in accordance with Discovery and BasicConfiguration Protocol. These DCP variables are provided for furtherautomation or communication devices via corresponding service componentsfor the Discovery and Basic Configuration Protocol.

Preferably, identification of the first controller via Discovery andBasic Configuration Protocol comprises automatically reading the DCPvariable stored therein, which stores the device identifier associatedwith the second controller. Correspondingly, identification of thesecond controller by means of Discovery and Basic Configuration Protocolalso comprises automatically reading the DCP variable stored therein,which stores the device identifier associated with the first controller.

In accordance with a further embodiment of the present invention, theinformation about associations between device names and communicationnetwork addresses of the first and second controllers is provided via aDomain Name System or in accordance with Multicast DNS protocol. Here,the device identifier stored in the first controller, which deviceidentifier is associated with the second controller, and the deviceidentifier stored in the second controller, which device identifier isassociated with the first controller, are advantageously each stored inDNS resource records. Furthermore, the first and second controllerspreferably each comprise a service component for dynamic DNS or formulticast DNS that they use to disseminate not only information abouttheir own device name and their own communication network address butalso the device identifier that is associated with the other controller.This means that besides the information about associations betweendevice names and communication network addresses of the first and secondcontrollers, the device identifiers can also be retrievably stored in atleast one DNS server. Here, the device identifiers are advantageouslystored in the DNS server as additional resource records, which areprovided as additional information for an address or name resolutioninquiry.

It is also an object of the invention to provide a controller in anindustrial automation system which is suitable for performing the methodin accordance with the disclosed embodiments and which comprises acontrol unit for controlling or regulating a technical process. Thecontrol unit is configured to be changed over between an activeoperating state and a reserve operating state. Furthermore, thecontroller in accordance with the invention comprises a memory unit thatstores a device identifier for an associated main or reserve controller.

In accordance with the invention, the controller is configured toprovide information about associations between device names andcommunication network addresses in accordance with a name serviceprotocol at least within an associated subnetwork. Additionally, thecontroller is further configured to prompt retrieval of a piece ofaddress or name information for a main or reserve controller toautomatically provide a piece of address or name information for setupof a communication link to an associated reserve or main controllerbased on the respective device identifier.

Other objects and features of the present invention will become apparentfrom the following detailed description considered in conjunction withthe accompanying drawings. It is to be understood, however, that thedrawings are designed solely for purposes of illustration and not as adefinition of the limits of the invention, for which reference should bemade to the appended claims. It should be further understood that thedrawings are not necessarily drawn to scale and that, unless otherwiseindicated, they are merely intended to conceptually illustrate thestructures and procedures described herein.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is explained in more detail below using anexemplary embodiment with reference to the drawing, in which:

FIG. 1 shows an industrial automation system with an operator controland monitoring station and a first embodiment of a high-availabilitycontrol system that comprises two redundantly operated programmablelogic controllers in accordance with the invention;

FIG. 2 shows an industrial automation system with an operator controland monitoring station and a second embodiment of a high-availabilitycontrol system in accordance with the invention; and

FIG. 3 is a flowchart of the method in accordance with the invention.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

The industrial automation system shown in FIG. 1 comprises an operatorcontrol and monitoring station 130 that is formed as a Human-MachineInterface (HMI) system and connected via a local area communicationnetwork 100 to a first programmable logic controller 111 and a second112 programmable logic controller, which are operated redundantly inrelation to one another and together form a high-availability controlsystem. The two programmable logic controllers 111, 112 are configuredidentically and comprise a control unit (not shown in more detail inFIG. 1) for controlling or regulating a technical process. This controlunit can be changed over between an active operating state and a reserveoperating state. A programmable logic controller in a reserve operatingstate simulates the control or regulation of the technical process thatis controlled or regulated by the programmable logic controller in theactive operating state. In this case, a simulation is effected with aprescribed time delay or slip in relation to control or regulation of atechnical process.

Furthermore, the programmable logic controllers 111, 112 each comprise amemory unit 301, 302 that stores a symbolic name for an associated maincontroller, which is in an active operating state, or reservecontroller. In the present exemplary embodiment, the memory unit 301 ofthe first programmable logic controller 111 stores a symbolic name forthe second programmable logic controller 112. Correspondingly, thememory unit 302 of the second programmable logic controller 112 stores asymbolic name for the first programmable logic controller 111. By way ofexample, the symbolic names can be written to the memory units 301, 302in the course of development.

Both programmable logic controllers 111, 112 each provide informationabout associations between device names and communication networkaddresses in accordance with Discovery and Basic Configuration Protocol(DCP) within the local area communication network 100. To this end, thetwo programmable logic controllers 111, 112 each comprise a servicecomponent 300 for the Discovery and Basic Configuration Protocol. Theoperator control and monitoring station 130 also comprises a servicecomponent 300 for the Discovery and Basic Configuration Protocol. In thepresent exemplary embodiment, the communication network addresses of thefirst programmable logic controller 111 and second programmable logiccontroller 112 are IPv6 addresses that are generated by each of thefirst and second programmable logic controllers 111, 112 independently.

Additionally, both programmable logic controllers 111, 112 areconfigured to prompt retrieval of a piece of address or name informationfor a main or reserve controller to automatically provide acorresponding piece of address or name information to setup acommunication link to an associated reserve or main controller based onthe respective symbolic name. By way of example, retrieval of a piece ofaddress or name information can be initiated by the operator control andmonitoring station 130.

The first embodiment of a high-availability control system, which isshown in FIG. 1, involves the use of the Discovery and BasicConfiguration Protocol for providing information about associationsbetween device names and communication network addresses. Consequently,the symbolic names are stored in the memory units 301, 302 of theprogrammable logic controllers 111, 112 in respective DCP variables inaccordance with Discovery and Basic Configuration Protocol. These DCPvariables are provided for further automation or communication devices,such as the operator control and monitoring station 130, bycorresponding service components 300 for the Discovery and BasicConfiguration Protocol.

Identification of one of the two programmable logic controllers 111, 112via Discovery and Basic Configuration Protocol comprises automaticallyreading the DCP variable stored therein, which stores the symbolic nameof the other programmable logic controller 111, 112. When a user usesthe operator control and monitoring station to select one of the twoprogrammable logic controllers 111, 112 using a “Lifelist” or byinputting its name, for example, the operator control and monitoringstation 130 automatically reads an associated reference from therespective DCP variable that refers to the other programmable logiccontroller 111, 112. Advantageously, this reference can be used to setup a communication link, for example, in accordance with TransmissionControl Protocol, to the programmable logic controller 111, 112 that isin the active operating state, without the user needing to know whichprogrammable logic controller is currently in the active operating stateor in the reserve operating state.

In contrast to the first embodiment of a high-availability controlsystem, which is shown in FIG. 1, the information about associationsbetween device names and communication network addresses of the twoprogrammable logic controllers 111, 112 is provided, in the case of thesecond embodiment, shown in FIG. 2, via a Domain Name System or inaccordance with Multicast DNS protocol. Furthermore, the operatorcontrol and monitoring station 201 is no longer situated in the samelocal area communication network 100 as the two programmable logiccontrollers 111, 112, but rather is now connected to the twoprogrammable logic controllers 111, 112 via a transport network 200 anda router 101. The transport network 200 furthermore connects a DomainName System (DNS) server 202 to both the two programmable logiccontrollers 111, 112 and the operator control and monitoring station201.

In accordance with FIG. 2, both programmable logic controllers 111, 112each have a service component 400 for dynamic DNS or multicast DNS(mDNS) that they use to disseminate not only information about their owndevice name and their own communication network address but also thesymbolic name that is associated with the other programmable logiccontroller 111, 112. For this reason, the symbolic names of the otherprogrammable logic controller 111, 112 that are stored in the memoryunits 401, 402 are stored as DNS resource records that, besides theinformation about associations between device names and communicationnetwork addresses of the two programmable logic controllers 111, 112,are initially transmitted to the DNS server 202 and retrievably storedtherein. The symbolic names of the other programmable logic controller111, 112 are thus stored in the DNS server 202 as additional resourcerecords that are provided as additional information for an address orname resolution inquiry.

In accordance with FIG. 2, the operator control and monitoring station201 also comprises a name service component 400 that may be formed as astandard-compliant DNS stub resolver, for example. If the operatorcontrol and monitoring station were situated in the same local areacommunication network 100 as the two programmable logic controllers 111,112, then the name service component 400 of the operator control andmonitoring unit 201 could be formed as an mDNS peer; the DNS server 202would be merely optional in this case.

As soon as a user at the operator control and monitoring station 201outside the local area communication network 100 identifies one of thetwo programmable logic controllers 111, 112, such as by using a domainservice list or by inputting its name, the operator control andmonitoring station 201 automatically reads the corresponding resourcerecord that refers to the other programmable logic controller 111, 112.This allows automatic setup of a communication link to the respectivecurrent main controller without the latter needing to be explicitlyknown as such to the user of the operator control and monitoring station201.

FIG. 3 is a flowchart of a method for setting up communication links toredundantly operated controllers in an industrial automation system,where a first controller is in an active operating state for controllingor regulating a technical process, and a second controller is in areserve operating state, from which the second controller is placeableinto an active operating state in an event of failure of the firstcontroller. The method comprises storing a device identifier associatedwith the second controller in the first controller, as indicated in step310.

Next, a device identifier associated with the first controller is storedin the second controller, as indicated in step 320.

Next, information about associations between device names andcommunication network addresses of the first and second controllers isprovided in accordance with a name service protocol at least within asubnetwork associated with at least one of the first controller and thesecond controller, as indicated in step 330.

Next, a piece of address segment or name information for one of the twocontrollers is now retrieved to automatically provided the piece ofaddress or name information to setup a communication link to anothercontroller based on a respective device identifier, as indicated in step340.

While there have been shown, described and pointed out fundamental novelfeatures of the invention as applied to a preferred embodiment thereof,it will be understood that various omissions and substitutions andchanges in the form and details of the methods described and the devicesillustrated, and in their operation, may be made by those skilled in theart without departing from the spirit of the invention. For example, itis expressly intended that all combinations of those elements and/ormethod steps which perform substantially the same function insubstantially the same way to achieve the same results are within thescope of the invention. Moreover, it should be recognized thatstructures and/or elements and/or method steps shown and/or described inconnection with any disclosed form or embodiment of the invention may beincorporated in any other disclosed or described or suggested form orembodiment as a general matter of design choice. It is the intention,therefore, to be limited only as indicated by the scope of the claimsappended hereto.

What is claimed is:
 1. A method for setting up communication links toredundantly operated programmable logic controllers in an industrialautomation system, wherein a first programmable logic controller is inan active operating state for controlling or regulating a technicalprocess, and a second programmable logic controller is in a reserveoperating state, from which said second programmable logic controller isplaceable into an active operating state in an event of failure of thefirst programmable logic controller, the method comprising: storing adevice identifier associated with the second programmable logiccontroller in the first programmable logic controller redundantlyoperated in the industrial automation system; storing a deviceidentifier associated with the first programmable logic controller inthe second programmable logic controller redundantly operated in theindustrial automation system, said device identifier associated with thesecond programmable logic controller and the device identifierassociated with the first programmable logic controller each beingstored in one of a Discovery and Basic Configuration Protocol (DCP)variable and a Domain Name System (DNS) record in another correspondingprogrammable logic controller; providing information about associationsbetween device identifiers and communication network addresses of thefirst and second programmable logic controllers redundantly operated inthe industrial automation system in accordance with a name serviceprotocol at least within a subnetwork associated with at least one ofthe first programmable logic controller and the second programmablelogic controller; and retrieving a piece of address segment or nameinformation for one of the two programmable logic controllers toautomatically provide the piece of address or name information ofanother programmable controller to setup communication links to thefirst and second programmable logic controllers based on respectivedevice identifiers of the first and second programmable logiccontrollers; wherein each programmable logic controller from the firstand second programmable logic controllers comprises a component fordisseminating information about a respective device identifier and arespective communication network address of the first and secondprogrammable logic controllers as well as a device identifier associatedwith the other programmable logic controller by reading one of the DCPvariable and DNS record; and wherein said retrieval of the piece ofaddress segment or name information is effected during a user selectionor identification of one of the two programmable logic controllers. 2.The method as claimed in claim 1, wherein the communication networkaddresses of the first and second programmable logic controllers areIPv6 addresses, and wherein the first and second programmable logiccontrollers redundantly operated in the industrial automation systemeach generate their IPv6 addresses independently.
 3. The method asclaimed in claim 2, wherein the information about associations betweendevice names and communication network addresses of the first and secondprogrammable logic controllers redundantly operated in the industrialautomation system is provided in accordance with Discovery and BasicConfiguration Protocol (DCP).
 4. The method as claimed in claim 2,wherein the information about associations between device names andcommunication network addresses of the first and second programmablelogic controllers redundantly operated in the industrial automationsystem is provided at least one of (i) via a Domain Name System (DNS)and (ii) in accordance with Multicast DNS protocol.
 5. The method asclaimed in claim 1, wherein the information about associations betweendevice names and communication network addresses of the first and secondprogrammable logic controllers redundantly operated in the industrialautomation system is provided in accordance with Discovery and BasicConfiguration Protocol (DCP).
 6. The method as claimed in claim 5,wherein the device identifier stored in the first controller, whichdevice identifier is associated with the second programmable logiccontroller, and the device identifier stored in the second programmablelogic controller, which device identifier is associated with the firstprogrammable logic controller, are each stored in DCP variables inaccordance with Discovery and Basic Configuration Protocol, which areprovided for further automation or communication devices viacorresponding service components for the Discovery and BasicConfiguration Protocol.
 7. The method as claimed in claim 6, whereinidentification of the first programmable logic controller via Discoveryand Basic Configuration Protocol comprises automatically reading a DCPvariable stored therein, which stores the device identifier associatedwith the second programmable logic controller, and whereinidentification of the second programmable logic controller via Discoveryand Basic Configuration Protocol comprises automatically reading a DCPvariable stored therein, which stores the device identifier associatedwith the first programmable logic controller.
 8. The method as claimedin claim 1, wherein the information about associations between devicenames and communication network addresses of the first and secondprogrammable logic controllers redundantly operated in the industrialautomation system is provided at least one of (i) via a Domain NameSystem (DNS) and (ii) in accordance with Multicast DNS protocol.
 9. Themethod as claimed in claim 8, wherein the device identifier stored inthe first programmable logic controller, which device identifier isassociated with the second programmable logic controller, and the deviceidentifier stored in the second programmable logic controller, whichdevice identifier is associated with the first programmable logiccontroller, are each stored in Domain Name System (DNS) resourcerecords.
 10. The method as claimed in claim 9, wherein the first andsecond programmable logic controllers redundantly operated in theindustrial automation system each comprise a service component fordynamic Domain Name System (DNS) or for multicast DNS used todisseminate information about their own device name and their owncommunication network address as well as the device identifierassociated with the another programmable logic controller.
 11. Themethod as claimed in claim 8, wherein the first and second programmablelogic controllers redundantly operated in the industrial automationsystem each comprise a service component for dynamic Domain Name System(DNS) or for multicast DNS used to disseminate information about theirown device name and their own communication network address as well asthe device identifier associated with the another programmable logiccontroller.
 12. The method as claimed in claim 11, wherein the deviceidentifiers are retrievably stored in at least one Domain Name System(DNS) server along with the information about associations betweendevice names and communication network addresses of the first and secondcontrollers programmable logic redundantly operated in the industrialautomation system.
 13. The method as claimed in claim 12, wherein thedevice identifiers are stored in the DNS server as additional resourcerecords which are provided as additional information for an address orname resolution inquiry.
 14. The method as claimed in claim 1, whereinthe device identifiers are symbolic device names.
 15. The method asclaimed in claim 1, wherein a device identifier is utilized to ascertaina communication network address to setup a communication link to aprogrammable logic controller, and wherein the communication link is setup in accordance with Transmission Control Protocol.
 16. The method asclaimed in claim 1, wherein a respective device identifier is utilizedto set up a communication link to a controller that is in the activeoperating state.
 17. The method as claimed in claim 1, wherein aprogrammable logic controller in a reserve operating state simulates thecontrol or regulation of the technical process that is controlled orregulated by the programmable logic controller in the active operatingstate.
 18. The method as claimed in claim 17, wherein a simulation iseffected with a prescribed time delay in relation to control orregulation of the technical process.
 19. A redundantly operatedprogrammable logic controller in an industrial automation system, saidprogrammable logic controller comprising: a control unit for controllingor regulating a technical process, the control unit of the redundantlyoperated industrial automation system being configured to be changedover between an active operating state and a reserve operating state; amemory unit which stores a device identifier for an associated main orreserve controller in one of a Discovery and Basic ConfigurationProtocol (DCP) variable and a Domain Name System (DNS) record; acomponent for disseminating information about the device identifier anda communication network address of the programmable logic controller aswell as a the device identifier associated with another programmablelogic controller by reading one of the DCP variable and the DNS recordof the programmable logic controller; wherein the programmable logiccontroller of the redundantly operated automation system is furtherconfigured to provide information about associations between deviceidentifiers and communication network addresses in accordance with aname service protocol at least within an associated subnetwork; whereinthe programmable logic controller of the redundantly operated automationsystem is additionally configured to prompt retrieval of a piece ofaddress or name information of the other programmable controller for amain or reserve programmable logic controller to automatically providethe piece of address or name information for setup of a communicationlink to an associated reserve or main programmable logic controllerbased on a respective device identifier of the reserve or mainprogrammable logic controller; and wherein said retrieval of the pieceof address segment or name information is effected during a userselection or identification of one of the two programmable logiccontrollers.